Vulnerabilities

Recent vulnerabilities

Recent vulnerabilities from 🏠GNA-1 (CIRCL)
Select from 78 available sources using the dropdown above.

NVD 🇺🇸

Recent vulnerabilities · 272065 entries
ID CVSS Description Vendor Product Published Updated
CVE-2024-50356
0 (3.1)
Press has a potential 2FA bypass frappe
press
2024-10-31T18:02:42.440Z 2024-11-01T13:51:00.632Z
CVE-2025-11173
0 (4.0)
Reauth for enabling 2FA can be bypassed by submitting a form Wikimedia Foundation
OATHAuth
2026-02-03T00:27:45.487Z 2026-02-03T21:08:02.478Z
CVE-2025-1680
0 (4.0)
An acceptance of extraneous untrusted data with t… Moxa
TN-4500A Series
2025-10-23T13:56:39.744Z 2025-10-23T14:35:30.379Z
CVE-2025-26862
0 (4.0)
PingFederate unexpected browser flow initiation in red… Ping Identity
PingFederate
2025-10-27T14:39:41.284Z 2025-10-27T14:48:11.544Z
CVE-2025-32696
0 (4.0)
"reupload-own" restriction can be bypassed by reverting file Wikimedia Foundation
MediaWiki
2025-04-10T18:28:48.161Z 2025-11-03T19:53:33.707Z
CVE-2025-32697
0 (4.0)
Cascading protection is not preventing file reversions Wikimedia Foundation
MediaWiki
2025-04-10T18:29:17.482Z 2025-04-10T19:05:48.098Z
CVE-2025-3469
0 (4.0)
i18n XSS vulnerability in HTMLMultiSelectField when se… Wikimedia Foundation
MediaWiki
2025-04-10T18:28:13.370Z 2025-11-03T19:53:59.985Z
CVE-2025-49823
0 (3.1)
Conda Constructor Command Injection via Unsanitized Us… conda
constructor
2025-06-17T02:21:17.496Z 2025-06-17T15:52:25.295Z
CVE-2025-61635
0 (4.0)
Add rate limiting to ApiFancyCaptchaReload Wikimedia Foundation
ConfirmEdit
2026-02-02T23:26:14.537Z 2026-02-03T21:13:41.151Z
CVE-2025-61644
0 (4.0)
i18n XSS through Special:Watchlist Wikimedia Foundation
MediaWiki
2026-02-02T23:57:17.522Z 2026-02-03T21:03:59.441Z
CVE-2025-61654
0 (4.0)
UserInfoCard: Do permission checking when getting coun… Wikimedia Foundation
Thanks
2026-02-03T01:08:57.273Z 2026-03-03T15:44:29.769Z
CVE-2025-61657
0 (4.0)
Improper Neutralization of Input During Web Page … Wikimedia Foundation
Vector
2026-02-03T01:00:59.692Z 2026-02-03T21:00:15.785Z
CVE-2025-6591
0 (4.0)
HTML injection in API action=feedcontributions output … Wikimedia Foundation
MediaWiki
2026-02-02T23:02:33.728Z 2026-02-28T02:52:57.390Z
CVE-2025-6596
0 (4.0)
Vector inserts portlet labels as HTML, allowing for st… Wikimedia Foundation
Vector
2026-02-02T22:58:20.912Z 2026-02-03T21:12:11.934Z
CVE-2025-6597
0 (4.0)
MediaWiki should not consider autocreation as login fo… Wikimedia Foundation
MediaWiki
2026-02-02T22:57:30.161Z 2026-03-03T15:39:51.521Z
CVE-2025-67479
0 (4.0)
Magic word replacement in legacy parser allows using r… Wikimedia Foundation
MediaWiki
2026-02-03T01:12:21.567Z 2026-03-02T17:42:31.216Z
CVE-2025-9340
0 (4.0)
native encrypt/decrypt operations in JCE may corrupt d… Legion of the Bouncy Castle Inc.
Bouncy Castle for Java
2025-08-22T09:39:47.303Z 2025-08-22T10:37:18.585Z
CVE-2026-13706
0 (4.0)
UrlShortener extension url validation can be bypassed … Wikimedia Foundation
UrlShortener
2026-07-01T14:29:49.167Z 2026-07-01T15:44:29.349Z
CVE-2026-13707
0 (4.0)
Session fixation attacks on improperly configured OAut… Wikimedia Foundation
OAuth
2026-07-01T14:32:26.598Z 2026-07-01T15:46:18.205Z
CVE-2026-20188
0 (3.1)
Cisco Crosswork Network Controller and Cisco Network S… Cisco
Cisco Crosswork Network Change Automation
2026-05-06T16:15:37.396Z 2026-05-14T16:30:22.826Z
CVE-2026-32732
0 (4.0)
XSS in @leanprover/unicode-input-component leanprover
vscode-lean4
2026-03-13T21:43:22.209Z 2026-03-16T20:22:43.428Z
CVE-2026-3479
0 (4.0)
pkgutil.get_data() does not enforce documented restrictions Python Software Foundation
CPython
2026-03-18T18:13:42.288Z 2026-04-07T22:01:35.724Z
CVE-2026-41517
0 (4.0)
Emlog: Remote Code Execution via Malicious Plugin Upload emlog
emlog
2026-05-08T21:50:27.441Z 2026-05-11T18:40:00.681Z
CVE-2026-42873
0 (3.1)
WeGIA: Error Handling Upload DocDependente LabRedesCefetRJ
WeGIA
2026-05-11T18:34:05.548Z 2026-05-12T13:39:26.848Z
CVE-2026-44427
0 (4.0)
MCP Registry: Open Redirect modelcontextprotocol
registry
2026-05-14T21:07:34.364Z 2026-05-15T13:33:16.949Z
CVE-2026-44956
0 (3.0)
Low‑privileged users could use their Full Name as… Revive
Adserver
2026-06-23T16:14:38.240Z 2026-06-23T17:25:34.164Z
CVE-2026-44960
0 (3.0)
A stored XSS can be exploited by leveraging the u… Revive
Adserver
2026-06-23T16:14:38.124Z 2026-06-23T17:46:02.076Z
CVE-2026-44961
0 (3.0)
The XML‑RPC API addUser method has a validation b… Revive
Adserver
2026-06-23T16:14:38.126Z 2026-06-23T17:44:07.348Z
CVE-2026-55611
0 (3.1)
AnythingLLM: embed-parsed-file cleanup deletes any par… Mintplex-Labs
anything-llm
2026-06-24T17:17:03.479Z 2026-06-24T18:32:39.765Z
CVE-2026-58026
0 (4.0)
$wgNonincludableNamespaces can be bypassed by embeddin… Wikimedia Foundation
MediaWiki
2026-07-01T15:10:34.559Z 2026-07-01T15:50:17.256Z